Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0976f993 by Markus Koschany at 2020-09-09T23:13:48+02:00 Remove no-dsa tags for upcoming libxml2 update. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -41696,7 +41696,6 @@ CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execut CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...) - libxml2 2.9.10+dfsg-2.1 (bug #949582) [buster] - libxml2 <no-dsa> (Minor issue) - [stretch] - libxml2 <no-dsa> (Minor issue) [jessie] - libxml2 <no-dsa> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5 CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...) @@ -41952,7 +41951,6 @@ CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/conf CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...) - libxml2 2.9.10+dfsg-2.1 (bug #949583) [buster] - libxml2 <no-dsa> (Minor issue) - [stretch] - libxml2 <no-dsa> (Minor issue) [jessie] - libxml2 <no-dsa> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...) @@ -51203,7 +51201,6 @@ CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before [experimental] - libxml2 2.9.10+dfsg-1 - libxml2 2.9.10+dfsg-2 [buster] - libxml2 <no-dsa> (Minor issue) - [stretch] - libxml2 <no-dsa> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/82 NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 (v2.9.10-rc1) CVE-2019-19955 @@ -131204,7 +131201,6 @@ CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers t [experimental] - libxml2 2.9.9+dfsg1-1~exp1 - libxml2 2.9.10+dfsg-2 [buster] - libxml2 <no-dsa> (Minor issue) - [stretch] - libxml2 <postponed> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet) NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74 CVE-2018-14566 @@ -131699,7 +131695,6 @@ CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:x [experimental] - libxml2 2.9.9+dfsg1-1~exp1 - libxml2 2.9.10+dfsg-2 (low; bug #901817) [buster] - libxml2 <no-dsa> (Minor issue) - [stretch] - libxml2 <no-dsa> (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5 NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10 NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594 @@ -145514,7 +145509,6 @@ CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows r [experimental] - libxml2 2.9.7+dfsg-1 - libxml2 2.9.10+dfsg-2 (low; bug #895245) [buster] - libxml2 <no-dsa> (Minor issue) - [stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914) [wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=786696 NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb @@ -197732,7 +197726,6 @@ CVE-2017-8873 RESERVED CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 all ...) - libxml2 2.9.4+dfsg1-6.1 (bug #862450) - [stretch] - libxml2 <no-dsa> (Minor issue) [jessie] - libxml2 <no-dsa> (Minor issue) [wheezy] - libxml2 <no-dsa> (Minor issue) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0976f9932ac0e4422aedb56147ff6c9937458f19 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0976f9932ac0e4422aedb56147ff6c9937458f19 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits